generated from lucien/api-template
add: added an auth middleware to simplify code
This commit is contained in:
parent
c34df6609c
commit
e0efe57f5c
9 changed files with 104 additions and 70 deletions
|
|
@ -2,6 +2,7 @@ const express = require('express');
|
|||
const sha256 = require("sha256");
|
||||
const jwt = require('jsonwebtoken');
|
||||
const { getConnection, getUserByUsername, addUser, getUser } = require('../libs/mysql');
|
||||
const { checkAuth } = require('../libs/middlewares');
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
|
|
@ -52,27 +53,10 @@ router.post('/register', async (req, res) => {
|
|||
res.send({ message: 'User added' });
|
||||
});
|
||||
|
||||
router.use('/me', checkAuth);
|
||||
router.post('/me', async (req, res) => {
|
||||
const { token } = req.body;
|
||||
|
||||
if (!token) {
|
||||
return res.status(400).send({ error: 'Invalid token' });
|
||||
}
|
||||
|
||||
const decoded = jwt.verify(token, process.env.JWT_SECRET);
|
||||
|
||||
if (!decoded.id) {
|
||||
return res.status(400).send({ error: 'Invalid token' });
|
||||
}
|
||||
|
||||
const connection = await getConnection();
|
||||
const users = await getUser(connection, decoded.id);
|
||||
connection.end();
|
||||
if (users[0]) {
|
||||
res.send({ id: users[0].id, username: users[0].username, admin: users[0].admin });
|
||||
} else {
|
||||
res.status(401).send({ error: 'Invalid token' });
|
||||
}
|
||||
const user = req.user;
|
||||
res.send({ id: user.id, username: user.username, admin: user.admin });
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
const express = require('express');
|
||||
const jwt = require('jsonwebtoken');
|
||||
const { getConnection, getUser, getChannels, getChannel, addChannel, getMessages, addMessage, deleteMessage, getLastMessages } = require('../libs/mysql');
|
||||
const { checkAuth } = require('../libs/middlewares');
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
|
|
@ -36,53 +37,48 @@ router.get('/:name/messages', async (req, res) => {
|
|||
res.send(messages);
|
||||
});
|
||||
|
||||
router.use('/:name/messages/send', checkAuth);
|
||||
router.post('/:name/messages/send', async (req, res) => {
|
||||
const { token, message } = req.body;
|
||||
const { message } = req.body;
|
||||
const name = req.params.name;
|
||||
const connection = await getConnection();
|
||||
const user = req.user;
|
||||
|
||||
const decoded = jwt.verify(token, process.env.JWT_SECRET);
|
||||
const user = await getUser(connection, decoded.id);
|
||||
if (!user[0]) {
|
||||
connection.end();
|
||||
return res.status(401).send({ error: 'Invalid token' });
|
||||
if (!message) {
|
||||
return res.status(400).send({ error: 'Missing parameters' });
|
||||
}
|
||||
|
||||
const connection = await getConnection();
|
||||
|
||||
const channel = await getChannel(connection, name);
|
||||
if (!channel[0]) {
|
||||
connection.end();
|
||||
return res.send('No channel found');
|
||||
}
|
||||
|
||||
await addMessage(connection, channel[0].id, user[0].id, message.replace("\"", "'"));
|
||||
await addMessage(connection, channel[0].id, user.id, message.replace("\"", "'"));
|
||||
connection.end();
|
||||
res.send({ message: 'Message sent' });
|
||||
});
|
||||
|
||||
router.use('/:name/messages', checkAuth);
|
||||
router.post('/:name/messages/delete', async (req, res) => {
|
||||
const { token, message_id } = req.body;
|
||||
const { message_id } = req.body;
|
||||
const name = req.params.name;
|
||||
const user = req.user;
|
||||
|
||||
if (!message_id || !token) {
|
||||
return res.status(400).send({ error: 'Missing parameters' });
|
||||
if (!message_id) {
|
||||
return res.status(400).send({ error: 'Missing message_id' });
|
||||
}
|
||||
|
||||
const connection = await getConnection();
|
||||
|
||||
const decoded = jwt.verify(token, process.env.JWT_SECRET);
|
||||
const user = await getUser(connection, decoded.id);
|
||||
if (!user[0]) {
|
||||
connection.end();
|
||||
return res.status(401).send({ error: 'Invalid token' });
|
||||
}
|
||||
|
||||
const channel = await getChannel(connection, name);
|
||||
if (!channel[0]) {
|
||||
connection.end();
|
||||
return res.status(400).send({ error: 'No channel found' });
|
||||
}
|
||||
|
||||
if (user[0].id !== channel[0].owner_id && user[0].id !== message_id && user[0].admin !== 1) {
|
||||
if (user.id !== channel[0].owner_id && user.id !== message_id && user.admin !== 1) {
|
||||
connection.end();
|
||||
return res.status(401).send({ error: 'Unauthorized' });
|
||||
}
|
||||
|
|
@ -92,22 +88,17 @@ router.post('/:name/messages/delete', async (req, res) => {
|
|||
res.send({ message: 'Message deleted' });
|
||||
});
|
||||
|
||||
router.use('/add', checkAuth);
|
||||
router.post('/add', async (req, res) => {
|
||||
const { name, description, token } = req.body;
|
||||
const { name, description } = req.body;
|
||||
const user = req.user;
|
||||
|
||||
if (!name || !description || !token) {
|
||||
if (!name || !description) {
|
||||
return res.status(400).send({ error: 'Missing parameters' });
|
||||
}
|
||||
|
||||
const connection = await getConnection();
|
||||
|
||||
const decoded = jwt.verify(token, process.env.JWT_SECRET);
|
||||
const user = await getUser(connection, decoded.id);
|
||||
if (!user[0]) {
|
||||
connection.end();
|
||||
return res.status(401).send({ error: 'Invalid token' });
|
||||
}
|
||||
|
||||
const channel = await getChannel(connection, name);
|
||||
if (channel[0]) {
|
||||
connection.end();
|
||||
|
|
@ -119,7 +110,7 @@ router.post('/add', async (req, res) => {
|
|||
return res.status(400).send({ error: 'Invalid channel name' });
|
||||
}
|
||||
|
||||
await addChannel(connection, name, description, user[0].id);
|
||||
await addChannel(connection, name, description, user.id);
|
||||
connection.end();
|
||||
res.send({ message: 'Channel added' });
|
||||
});
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue